author: Jack Lloyd <[email protected]> 2018-03-28 03:25:59 -0400
committer: Jack Lloyd <[email protected]> 2018-03-28 05:13:32 -0400
commit: 5b7cb0d19d7ffe97712c39aaf2f861a2504442aa
tree: 6bbddc81b11d2115b61a1ce1dce97c64bd8efcc0 /doc/manual
parent: d829bc5dd0002373ad07a09a07082e859f047901
Update TLS docs re new APIs for 2.5 [ci skip]
Diffstat (limited to 'doc/manual')
-rw-r--r-- doc/manual/credentials_manager.rst | 13
-rw-r--r-- doc/manual/tls.rst | 16
2 files changed, 28 insertions, 1 deletions
diff --git a/doc/manual/credentials_manager.rst b/doc/manual/credentials_manager.rst
index e694f7efd..169e5ab8e 100644
--- a/doc/manual/credentials_manager.rst
+++ b/doc/manual/credentials_manager.rst
@@ -29,12 +29,23 @@ implementation.
The default implementation returns an empty list.
+ .. cpp:function:: std::vector<X509_Certificate> find_cert_chain( \
+ const std::vector<std::string>& cert_key_types, \
+ const std::vector<X509_DN>& acceptable_CAs, \
+ const std::string& type, \
+ const std::string& context)
+
+ Return the certificate chain to use to identify ourselves. The
+ ``acceptable_CAs`` parameter gives a list of CAs the peer trusts.
+ This may be empty.
+
.. cpp:function:: std::vector<X509_Certificate> cert_chain( \
const std::vector<std::string>& cert_key_types, \
const std::string& type, \
const std::string& context)
- Return the certificate chain to use to identify ourselves
+ Return the certificate chain to use to identify ourselves. Starting in
+ 2.5, prefer ``find_cert_chain`` which additionally provides the CA list.
.. cpp:function:: std::vector<X509_Certificate> cert_chain_single_type( \
const std::string& cert_key_type, \
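Review bot: The new find_cert_chain entry says ``acceptable_CAs`` "may be empty" but not what an implementation should do in that case, or what it should return when none of its chains is issued by a listed CA; both cases should be stated so implementers do not guess. The entry also leaves cert_key_types, type and context undescribed, and the amended cert_chain text says to prefer find_cert_chain without saying whether cert_chain is still called when find_cert_chain is not overridden. One sentence on that fallback would tell implementers whether they need to override both.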
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index a41245448..551d1e6c7 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -137,6 +137,22 @@ information about the connection.
This callback is optional, and can be used to inspect all handshake messages
while the session establishment occurs.
+ .. cpp:function:: void tls_modify_extensions(Extensions& extn, Connection_Side which_side)
+
+ This callback is optional, and can be used to modify extensions before they
+ are sent to the peer. For example this enables adding a custom extension,
+ or replacing or removing an extension set by the library.
+
+ .. cpp:function:: void tls_examine_extensions(const Extensions& extn, Connection_Side which_side)
+
+ This callback is optional, and can be used to examine extensions sent by
+ the peer.
+
+ .. std::string tls_decode_group_param(Group_Params group_param)
+
+ This callback is optional. It can be used to support custom group ids for
+ ECDH and DH key exchange.
+
.. cpp:function:: void tls_log_error(const char* msg)
Optional logging for an error message. (Not currently used)
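Review bot: The tls_decode_group_param entry is written as ``.. std::string tls_decode_group_param(Group_Params group_param)``, without the ``cpp:function::`` directive that the neighbouring entries use, so reStructuredText will treat it as a comment and the callback will not appear in the rendered manual; change it to ``.. cpp:function:: std::string tls_decode_group_param(Group_Params group_param)``. The description should also say what the returned string represents and what to return for a group id the application does not recognise. For tls_modify_extensions, the text mentions replacing or removing an extension set by the library; a sentence on the effect this can have on the handshake's security properties would help callers decide when that is appropriate.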